> Ok, I wasn't aware up until now that crt.sh has data from pure test logs.
crt.sh doesn't monitor "pure" test logs, such as Google's testtube, crucible and solera logs. Dodo was not originally intended to be a test log (see https://github.com/sectigo/CTLogs-AcceptedRoots/tree/master/crt/dodo), but its scope has drifted a bit over time. (In retrospect, it would have been better if we'd kept the "production" and "test" use cases restricted to separate logs). > It seems okay from me. Though maybe crt.sh would want to indicate this > prominently to avoid confusion? I'm happy to consider concrete suggestions for what that might look like. 🙂 ________________________________ From: [email protected] <[email protected]> on behalf of Hanno Böck <[email protected]> Sent: 24 October 2022 08:37 To: Lahtiharju, Pekka <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: Certificate with Debian OpenSSL bug issued CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. On Mon, 24 Oct 2022 06:07:53 +0000 "Lahtiharju, Pekka" <[email protected]> wrote: > Telia was testing new Badkeys/Lint implementation and we wanted to do > also one test without Badkeys/Lint with vulnerable key to see if > anything else would prevent such key. According to our information CT > log "Dodo" that was used is non-production CT log and could be used > for such tests with non-trusted TLS certificates (Mammoth and Sabre > are Sectigo's production CT logs). I hope this kind of testing is OK? > Or should we keep such test certificates internal only without any CT > publishing? Ok, I wasn't aware up until now that crt.sh has data from pure test logs. It seems okay from me. Though maybe crt.sh would want to indicate this prominently to avoid confusion? -- Hanno Böck https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhboeck.de%2F&data=05%7C01%7Crob%40sectigo.com%7C230de0bececd4aa29aa708dab5929039%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638021938342010009%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kdD6h%2FX1j6kE8YZaZxPiNLhwKDUgL%2F1DdeSLrnM6Vl8%3D&reserved=0 -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fmozilla.org%2Fd%2Fmsgid%2Fdev-security-policy%2F20221024093706.71bd06c7%2540computer&data=05%7C01%7Crob%40sectigo.com%7C230de0bececd4aa29aa708dab5929039%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638021938342010009%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=z0k8m77PvHDzSzLUL%2Fo8crKIszKee18I6gIGRnkzstc%3D&reserved=0. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/MW4PR17MB47298D5F5C32D3C245FE202EAA2E9%40MW4PR17MB4729.namprd17.prod.outlook.com.
